Yet Another Delegation Thread

Josh Hoyt josh at janrain.com
Wed Oct 25 17:36:42 UTC 2006


On 10/25/06, Dick Hardt <dick at sxip.com> wrote:
> > 2) Since the RP has to do discovery on the Claimed Identifier anyway, if it
> > discovers a mapping between the Claimed Identifier and an IdP-Specific
> > Identifier, the RP can send the IdP-Specific Identifier to the IdP and save
> > the IdP from having to repeat discovery.
>
> unfortunately that disco information could be modified en route, so
> the IdP can't trust it

I have said this several times already, but THE IDP DOES NOT HAVE TO
TRUST THIS INFORMATION.

Josh


